{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5526", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-04T06:19:57.834Z", "datePublished": "2026-04-04T22:15:14.338Z", "dateUpdated": "2026-04-06T14:51:31.134Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-04T22:15:14.338Z"}, "title": "Tenda 4G03 Pro httpd access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "Tenda", "product": "4G03 Pro", "versions": [{"version": "1.0", "status": "affected"}, {"version": "1.1", "status": "affected"}, {"version": "04.03.01.0", "status": "affected"}, {"version": "04.03.01.1", "status": "affected"}, {"version": "04.03.01.2", "status": "affected"}, {"version": "04.03.01.3", "status": "affected"}, {"version": "04.03.01.4", "status": "affected"}, {"version": "04.03.01.5", "status": "affected"}, {"version": "04.03.01.6", "status": "affected"}, {"version": "04.03.01.7", "status": "affected"}, {"version": "04.03.01.8", "status": "affected"}, {"version": "04.03.01.9", "status": "affected"}, {"version": "04.03.01.10", "status": "affected"}, {"version": "04.03.01.11", "status": "affected"}, {"version": "04.03.01.12", "status": "affected"}, {"version": "04.03.01.13", "status": "affected"}, {"version": "04.03.01.14", "status": "affected"}, {"version": "04.03.01.15", "status": "affected"}, {"version": "04.03.01.16", "status": "affected"}, {"version": "04.03.01.17", "status": "affected"}, {"version": "04.03.01.18", "status": "affected"}, {"version": "04.03.01.19", "status": "affected"}, {"version": "04.03.01.20", "status": "affected"}, {"version": "04.03.01.21", "status": "affected"}, {"version": "04.03.01.22", "status": "affected"}, {"version": "04.03.01.23", "status": "affected"}, {"version": "04.03.01.24", "status": "affected"}, {"version": "04.03.01.25", "status": "affected"}, {"version": "04.03.01.26", "status": "affected"}, {"version": "04.03.01.27", "status": "affected"}, {"version": "04.03.01.28", "status": "affected"}, {"version": "04.03.01.29", "status": "affected"}, {"version": "04.03.01.30", "status": "affected"}, {"version": "04.03.01.31", "status": "affected"}, {"version": "04.03.01.32", "status": "affected"}, {"version": "04.03.01.33", "status": "affected"}, {"version": "04.03.01.34", "status": "affected"}, {"version": "04.03.01.35", "status": "affected"}, {"version": "04.03.01.36", "status": "affected"}, {"version": "04.03.01.37", "status": "affected"}, {"version": "04.03.01.38", "status": "affected"}, {"version": "04.03.01.39", "status": "affected"}, {"version": "04.03.01.40", "status": "affected"}, {"version": "04.03.01.41", "status": "affected"}, {"version": "04.03.01.42", "status": "affected"}, {"version": "04.03.01.43", "status": "affected"}, {"version": "04.03.01.44", "status": "affected"}, {"version": "04.03.01.45", "status": "affected"}, {"version": "04.03.01.46", "status": "affected"}, {"version": "04.03.01.47", "status": "affected"}, {"version": "04.03.01.48", "status": "affected"}, {"version": "04.03.01.49", "status": "affected"}, {"version": "04.03.01.50", "status": "affected"}, {"version": "04.03.01.51", "status": "affected"}, {"version": "04.03.01.52", "status": "affected"}, {"version": "04.03.01.53", "status": "affected"}, {"version": "192.168.0.0", "status": "affected"}, {"version": "192.168.0.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR"}}], "timeline": [{"time": "2026-04-04T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-04T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-04T08:25:10.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "CoreNode (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB Vulnerability Moderation Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/355279", "name": "VDB-355279 | Tenda 4G03 Pro httpd access control", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/355279/cti", "name": "VDB-355279 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/782052", "name": "Submit #782052 | Tenda Tenda 4G03 Pro V1.0 V04.03.01.53 Authentication Bypass Issues", "tags": ["third-party-advisory"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T14:28:18.964474Z", "id": "CVE-2026-5526", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T14:51:31.134Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5526", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T14:28:18.964474Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T14:28:23.772Z"}}], "cna": {"title": "Tenda 4G03 Pro httpd access control", "credits": [{"lang": "en", "type": "reporter", "value": "CoreNode (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB Vulnerability Moderation Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR"}}], "affected": [{"vendor": "Tenda", "product": "4G03 Pro", "versions": [{"status": "affected", "version": "1.0"}, {"status": "affected", "version": "1.1"}, {"status": "affected", "version": "04.03.01.0"}, {"status": "affected", "version": "04.03.01.1"}, {"status": "affected", "version": "04.03.01.2"}, {"status": "affected", "version": "04.03.01.3"}, {"status": "affected", "version": "04.03.01.4"}, {"status": "affected", "version": "04.03.01.5"}, {"status": "affected", "version": "04.03.01.6"}, {"status": "affected", "version": "04.03.01.7"}, {"status": "affected", "version": "04.03.01.8"}, {"status": "affected", "version": "04.03.01.9"}, {"status": "affected", "version": "04.03.01.10"}, {"status": "affected", "version": "04.03.01.11"}, {"status": "affected", "version": "04.03.01.12"}, {"status": "affected", "version": "04.03.01.13"}, {"status": "affected", "version": "04.03.01.14"}, {"status": "affected", "version": "04.03.01.15"}, {"status": "affected", "version": "04.03.01.16"}, {"status": "affected", "version": "04.03.01.17"}, {"status": "affected", "version": "04.03.01.18"}, {"status": "affected", "version": "04.03.01.19"}, {"status": "affected", "version": "04.03.01.20"}, {"status": "affected", "version": "04.03.01.21"}, {"status": "affected", "version": "04.03.01.22"}, {"status": "affected", "version": "04.03.01.23"}, {"status": "affected", "version": "04.03.01.24"}, {"status": "affected", "version": "04.03.01.25"}, {"status": "affected", "version": "04.03.01.26"}, {"status": "affected", "version": "04.03.01.27"}, {"status": "affected", "version": "04.03.01.28"}, {"status": "affected", "version": "04.03.01.29"}, {"status": "affected", "version": "04.03.01.30"}, {"status": "affected", "version": "04.03.01.31"}, {"status": "affected", "version": "04.03.01.32"}, {"status": "affected", "version": "04.03.01.33"}, {"status": "affected", "version": "04.03.01.34"}, {"status": "affected", "version": "04.03.01.35"}, {"status": "affected", "version": "04.03.01.36"}, {"status": "affected", "version": "04.03.01.37"}, {"status": "affected", "version": "04.03.01.38"}, {"status": "affected", "version": "04.03.01.39"}, {"status": "affected", "version": "04.03.01.40"}, {"status": "affected", "version": "04.03.01.41"}, {"status": "affected", "version": "04.03.01.42"}, {"status": "affected", "version": "04.03.01.43"}, {"status": "affected", "version": "04.03.01.44"}, {"status": "affected", "version": "04.03.01.45"}, {"status": "affected", "version": "04.03.01.46"}, {"status": "affected", "version": "04.03.01.47"}, {"status": "affected", "version": "04.03.01.48"}, {"status": "affected", "version": "04.03.01.49"}, {"status": "affected", "version": "04.03.01.50"}, {"status": "affected", "version": "04.03.01.51"}, {"status": "affected", "version": "04.03.01.52"}, {"status": "affected", "version": "04.03.01.53"}, {"status": "affected", "version": "192.168.0.0"}, {"status": "affected", "version": "192.168.0.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-04T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-04T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-04T08:25:10.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/355279", "name": "VDB-355279 | Tenda 4G03 Pro httpd access control", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/355279/cti", "name": "VDB-355279 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/782052", "name": "Submit #782052 | Tenda Tenda 4G03 Pro V1.0 V04.03.01.53 Authentication Bypass Issues", "tags": ["third-party-advisory"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-04T22:15:14.338Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5526", "state": "PUBLISHED", "dateUpdated": "2026-04-06T14:51:31.134Z", "dateReserved": "2026-04-04T06:19:57.834Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-04T22:15:14.338Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:4g03_pro_firmware:04.03.01.53:*:*:*:*:*:*:*", "matchCriteriaId": "1170A463-16F3-4CFF-9768-F2DEA5E3C9F1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:4g03_pro:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "72ECCBAF-2C5B-4A2D-B1DE-FFC37382A42D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."}], "id": "CVE-2026-5526", "lastModified": "2026-04-30T13:35:37.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-04T23:16:44.290", "references": [{"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/782052"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/355279"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/vuln/355279/cti"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.17"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.18"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.19"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.20"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.21"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.22"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.23"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.24"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.25"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.26"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.27"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.28"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.29"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.30"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.31"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.32"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.33"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.34"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.35"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.36"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.37"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.38"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.39"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.40"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.41"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.42"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.43"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.44"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.45"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.46"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.47"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.48"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.49"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.50"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.51"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.52"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "04.03.01.53"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "192.168.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "192.168.0.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "4G03 Pro", "source": "cna", "vendor": "Tenda"}, "product": "4g03_pro", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-05T00:20:32.217868+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update from Tenda that addresses the httpd access control issue.", "If an update is unavailable, disable the httpd service or restrict its access to trusted internal networks only.", "Change default administrative credentials to strong, unique passwords for all accounts.", "Restrict remote management to a VPN or whitelist specific IP addresses.", "Monitor device logs for unauthorized access attempts and verify the device\u2019s network activity regularly."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Access via Improper Access Control"}, "threat_synthesis": {"affected_systems": "This issue affects Tenda routers identified as the 4G03 Pro model running firmware versions 1.0, 1.1, and 04.03.01.53. The device is typically accessed via the default local IP of 192.168.0.1 and is intended to be managed over a LAN or VPN. No other vendor or product variants are explicitly listed.", "description_and_impact": "The Tenda 4G03 Pro firmware versions up to 1.0, 1.1, and 04.03.01.53 contain a flaw in the /bin/httpd binary that allows improper access controls to be manipulated. An attacker who can reach the device's web interface can potentially bypass authentication or gain unauthorized administrative capabilities, exposing the router\u2019s configuration and network traffic to compromise.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity, and though EPSS data is missing, the fact that a public exploit is available and the attack can be carried out remotely elevates the real\u2011world risk. Attackers need only network access to the device\u2019s web interface; no credentials or special knowledge are required beyond a standard web request. The vulnerability is not included in CISA\u2019s KEV catalog, but the public nature of the exploit suggests that it could be widely used once discovered."}}}}, "created": "2026-04-06T20:26:54.081433+00:00", "updated": "2026-04-06T21:57:29.238447+00:00", "vendors": ["tenda", "tenda$PRODUCT$4g03_pro"]}